Topic: Code vulnerabilities in 3.1-0.6

Hello Pat,
I found this info outlining some vulnerabilities with the latest release 3.1-0.6
http://www.vulnerability-lab.com/get_content.php?id=513

Do you have any plans for a code update to address these issues?

Thanks and Happy New Year!
Paul.

Re: Code vulnerabilities in 3.1-0.6

Hi Paul.
I have to look at my notes to see where I am on these. I think the code fixes were actually minor on the back end, but I was getting a bit bogged down in the cross-site issues (which require a "high level of user interaction", meaning you have to be tricked into being logged in and subsequently accessing your login from another site - you almost have to be phished or have DNS poisoning/spoofing.)

Let me see what, if anything, I have in my notes and where I'm at with the demo code.

Patrick
Lead developer FreeRealty
Other claims to fame: http://www.rwcinc.net
Enrolled Agent, Licensed to Represent Taxpayers before Exams, Appeals and Conference divisions of the Internal Revenue Service.